Hello community,
here is the log from the commit of package exim for openSUSE:Factory checked in
at 2018-05-15 10:04:24
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/exim (Old)
and /work/SRC/openSUSE:Factory/.exim.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "exim"
Tue May 15 10:04:24 2018 rev:48 rq:603159 version:4.91
Changes:
--------
--- /work/SRC/openSUSE:Factory/exim/exim.changes 2017-12-08
13:03:33.996296609 +0100
+++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes 2018-05-15
10:30:59.673493531 +0200
@@ -1,0 +2,149 @@
+Mon Apr 16 13:57:17 UTC 2018 - wullin...@rz.uni-kiel.de
+
+- update to 4.91
+ * DEFER rather than ERROR on redis cluster MOVED response.
+ * Catch and remove uninitialized value warning in exiqsumm
+ * Disallow '/' characters in queue names specified for the "queue=" ACL
+ modifier. This matches the restriction on the commandline.
+ * Fix pgsql lookup for multiple result-tuples with a single column.
+ Previously only the last row was returned.
+ * Bug 2217: Tighten up the parsing of DKIM signature headers.
+ * Bug 2215: Fix crash associated with dnsdb lookup done from DKIM ACL.
+ * Fix issue with continued-connections when the DNS shifts unreliably.
+ * Bug 2214: Fix SMTP responses resulting from non-accept result of MIME ACL.
+ * The "support for" informational output now, which built with Content
+ Scanning support, has a line for the malware scanner interfaces compiled
+ in. Interface can be individually included or not at build time.
+ * The "aveserver", "kavdaemon" and "mksd" interfaces are now not included
+ by the template makefile "src/EDITME". The "STREAM" support for an older
+ ClamAV interface method is removed.
+ * Bug 2223: Fix mysql lookup returns for the no-data case (when the number of
+ rows affected is given instead).
+ * The runtime Berkeley DB library version is now additionally output by
+ "exim -d -bV". Previously only the compile-time version was shown.
+ * Bug 2230: Fix cutthrough routing for nonfirst messages in an initiating
+ SMTP connection.
+ * Bug 2229: Fix cutthrough routing for nonstandard port numbers defined by
+ routers.
+ * Bug 2174: A timeout on connect for a callout was also erroneously seen as
+ a timeout on read on a GnuTLS initiating connection, resulting in the
+ initiating connection being dropped.
+ * Relax results from ACL control request to enable cutthrough, in
+ unsupported situations, from error to silently (except under debug)
+ ignoring.
+ * Fix Buffer overflow in base64d() (CVE-2018-6789)
+ * Fix bug in DKIM verify: a buffer overflow could corrupt the malloc
+ metadata, resulting in a crash in free().
+ * Fix broken Heimdal GSSAPI authenticator integration.
+ * Bug 2113: Fix conversation closedown with the Avast malware scanner.
+ * Bug 2239: Enforce non-usability of control=utf8_downconvert in the mail ACL.
+ * Speed up macro lookups during configuration file read, by skipping non-
+ macro text after a replacement (previously it was only once per line) and
+ by skipping builtin macros when searching for an uppercase lead character.
+ * DANE support moved from Experimental to mainline. The Makefile control
+ for the build is renamed.
+ * Fix memory leak during multi-message connections using STARTTLS.
+ * Bug 2236: When a DKIM verification result is overridden by ACL, DMARC
+ reported the original. Fix to report (as far as possible) the ACL
+ result replacing the original.
+ * Fix memory leak during multi-message connections using STARTTLS under
+ OpenSSL
+ * Bug 2242: Fix exim_dbmbuild to permit directoryless filenames.
+ * Fix utf8_downconvert propagation through a redirect router.
+ * Bug 2253: For logging delivery lines under PRDR, append the overall
+ DATA response info to the (existing) per-recipient response info for
+ the "C=" log element.
+ * Bug 2251: Fix ldap lookups that return a single attribute having zero-
+ length value.
+ * Support Avast multiline protocol, this allows passing flags to
+ newer versions of the scanner.
+ * Ensure that variables possibly set during message acceptance are marked
+ dead before release of memory in the daemon loop.
+ * Bug 2250: Fix a longstanding bug in heavily-pipelined SMTP input (such
+ as a multi-recipient message from a mailinglist manager).
+ * The (EXPERIMENTAL_DMARC) variable $dmarc_ar_header is withdrawn, being
+ replaced by the ${authresults } expansion.
+ * Bug 2257: Fix pipe transport to not use a socket-only syscall.
+ * Set a handler for SIGTERM and call exit(3) if running as PID 1. This
+ allows proper process termination in container environments.
+ * Bug 2258: Fix spool_wireformat in combination with LMTP transport.
+ Previously the "final dot" had a newline after it; ensure it is CR,LF.
+ * SPF: remove support for the "spf" ACL condition outcome values "err_temp"
+ and "err_perm", deprecated since 4.83 when the RFC-defined words
+ " temperror" and "permerror" were introduced.
+ * Re-introduce enforcement of no cutthrough delivery on transports having
+ transport-filters or DKIM-signing.
+ * Cutthrough: for a final-dot response timeout (and nonunderstood responses)
+ in defer=pass mode supply a 450 to the initiator. Previously the message
+ would be spooled.
+ * DANE: add dane_require_tls_ciphers SMTP Transport option; if unset,
+ tls_require_ciphers is used as before.
+ * Malware Avast: Better match the Avast multiline protocol.
+ * Fix reinitialisation of DKIM logging variable between messages.
+ * Bug 2255: Revert the disable of the OpenSSL session caching.
+ * Add util/renew-opendmarc-tlds.sh script for safe renewal of public
+ suffix list.
+ * DKIM: accept Ed25519 pubkeys in SubjectPublicKeyInfo-wrapped form,
+ since the IETF WG has not yet settled on that versus the original
+ "bare" representation.
+ * Fix syslog logging for syslog_timestamp=no and log_selector +millisec.
+ Previously the millisecond value corrupted the output.
+ Fix also for syslog_pid=no and log_selector +pid, for which the pid
+ corrupted the output.
+
+-------------------------------------------------------------------
+Thu Mar 15 20:22:09 UTC 2018 - crrodrig...@opensuse.org
+
+- Replace xorg-x11-devel by individual pkgconfig() buildrequires.
+
+-------------------------------------------------------------------
+Tue Feb 13 13:39:34 UTC 2018 - kbabi...@suse.com
+
+- update to 4.90.1
+ * Allow PKG_CONFIG_PATH to be set in Local/Makefile and use it correctly
+ during configuration. Wildcards are allowed and expanded.
+ * Shorten the log line for daemon startup by collapsing adjacent sets of
+ identical IP addresses on different listening ports. Will also affect
+ "exiwhat" output.
+ * Tighten up the checking in isip4 (et al): dotted-quad components larger
+ than 255 are no longer allowed.
+ * Default openssl_options to include +no_ticket, to reduce load on peers.
+ Disable the session-cache too, which might reduce our load. Since we
+ currrectly use a new context for every connection, both as server and
+ client, there is no benefit for these.
+ * Add $SOURCE_DATE_EPOCH support for reproducible builds, per spec at
+ <https://reproducible-builds.org/specs/source-date-epoch/>.
+ * Fix smtp transport use of limited max_rcpt under mua_wrapper. Previously
+ the check for any unsuccessful recipients did not notice the limit, and
+ erroneously found still-pending ones.
+ * Pipeline CHUNKING command and data together, on kernels that support
+ MSG_MORE. Only in-clear (not on TLS connections).
+ * Avoid using a temporary file during transport using dkim. Unless a
+ transport-filter is involved we can buffer the headers in memory for
+ creating the signature, and read the spool data file once for the
+ signature and again for transmission.
+ * Enable use of sendfile in Linux builds as default. It was disabled in
+ 4.77 as the kernel support then wasn't solid, having issues in 64bit
+ mode. Now, it's been long enough. Add support for FreeBSD also.
+ * Add commandline_checks_require_admin option.
+ * Do pipelining under TLS.
+ * For the "sock" variant of the malware scanner interface, accept an empty
+ cmdline element to get the documented default one. Previously it was
+ inaccessible.
+ * Prevent repeated use of -p/-oMr
+ * DKIM: enforce the DNS pubkey record "h" permitted-hashes optional field,
+ if present.
+ * DKIM: when a message has multiple signatures matching an identity given
+ in dkim_verify_signers, run the dkim acl once for each.
+ * Support IDNA2008.
+ * The path option on a pipe transport is now expanded before use
+ * Have the EHLO response advertise VRFY, if there is a vrfy ACL defined.
+- Several bug fixes
+- Fix for buffer overflow in base64decode() (bsc#1079832 CVE-2018-6789)
+- removed patches (included upstream now):
+ * exim-CVE-2017-1000369.patch
+ * exim-CVE-2017-16943.patch
+ * exim-CVE-2017-16944.patch
+ * exim-4.86.2-mariadb_102_compile_fix.patch
+
+-------------------------------------------------------------------
Old:
----
exim-4.86.2-mariadb_102_compile_fix.patch
exim-4.88.tar.bz2
exim-4.88.tar.bz2.asc
exim-CVE-2017-1000369.patch
exim-CVE-2017-16943.patch
exim-CVE-2017-16944.patch
New:
----
exim-4.91.tar.bz2
exim-4.91.tar.bz2.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ exim.spec ++++++
--- /var/tmp/diff_new_pack.k4VE9R/_old 2018-05-15 10:31:00.561460916 +0200
+++ /var/tmp/diff_new_pack.k4VE9R/_new 2018-05-15 10:31:00.565460769 +0200
@@ -1,7 +1,7 @@
#
# spec file for package exim
#
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -47,17 +47,12 @@
BuildRequires: openldap2-devel
%endif
BuildRequires: pcre-devel
-%if %{?suse_version:1}%{?!suse_version:0}
-BuildRequires: libopenssl-devel
BuildRequires: tcpd-devel
-BuildRequires: xorg-x11-devel
-%else
-BuildRequires: libXaw-devel
-BuildRequires: libXext-devel
-BuildRequires: libXt-devel
-BuildRequires: openssl-devel
-BuildRequires: tcp_wrappers
-%endif
+BuildRequires: pkgconfig(libcrypto)
+BuildRequires: pkgconfig(libssl)
+BuildRequires: pkgconfig(xaw7)
+BuildRequires: pkgconfig(xmu)
+BuildRequires: pkgconfig(xt)
Url: http://www.exim.org/
Conflicts: sendmail sendmail-tls postfix
Provides: smtp_daemon
@@ -78,7 +73,7 @@
%endif
Requires(pre): fileutils textutils
%endif
-Version: 4.88
+Version: 4.91
Release: 0
%if %{with_mysql}
BuildRequires: mysql-devel
@@ -90,11 +85,11 @@
BuildRequires: sqlite3-devel
%endif
Summary: The Exim Mail Transfer Agent, a Replacement for sendmail
-License: GPL-2.0+
+License: GPL-2.0-or-later
Group: Productivity/Networking/Email/Servers
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-Source: http://ftp.exim.org/pub/exim/exim4/old/exim-%{version}.tar.bz2
-Source3:
http://ftp.exim.org/pub/exim/exim4/old/exim-%{version}.tar.bz2.asc
+Source: http://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.bz2
+Source3: http://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.bz2.asc
# http://ftp.exim.org/pub/exim/Exim-Maintainers-Keyring.asc
Source4: exim.keyring
Source1: sysconfig.exim
@@ -107,10 +102,6 @@
Source32: eximstats.conf-2.2
Source40: exim.service
Patch0: exim-tail.patch
-Patch3: exim-CVE-2017-1000369.patch
-Patch4: exim-CVE-2017-16943.patch
-Patch5: exim-CVE-2017-16944.patch
-Patch6: exim-4.86.2-mariadb_102_compile_fix.patch
%package -n eximon
Summary: Eximon, an graphical frontend to administer Exim's mail queue
@@ -153,10 +144,6 @@
%prep
%setup -q -n exim-%{version}
%patch0
-%patch3 -p 1
-%patch4 -p 1
-%patch5 -p 1
-%patch6 -p 1
# build with fPIE/pie on SUSE 10.0 or newer, or on any other platform
%if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
fPIE="-fPIE"
@@ -294,7 +281,7 @@
EXPERIMENTAL_DSN=yes
SYSTEM_ALIASES_FILE=/etc/aliases
%if %{with dane}
- EXPERIMENTAL_DANE=yes
+ DANE=yes
%endif
EXPERIMENTAL_SOCKS=yes
%if %{with i18n}
@@ -328,7 +315,7 @@
inst_info=$RPM_BUILD_ROOT/%{_infodir} \
INSTALL_ARG=-no_chown install
#mv $RPM_BUILD_ROOT/usr/sbin/exim-%{version}* $RPM_BUILD_ROOT/usr/sbin/exim
-mv $RPM_BUILD_ROOT/usr/sbin/exim-4.8* $RPM_BUILD_ROOT/usr/sbin/exim
+mv $RPM_BUILD_ROOT/usr/sbin/exim-4.9* $RPM_BUILD_ROOT/usr/sbin/exim
mv $RPM_BUILD_ROOT/etc/exim/exim.conf src/configure.default # with all
substitutions done
%if 0%{?suse_version} > 1220
install -m 0644 %{S:40} $RPM_BUILD_ROOT/%{_unitdir}/exim.service
++++++ exim-4.88.tar.bz2 -> exim-4.91.tar.bz2 ++++++
++++ 72428 lines of diff (skipped)
